Privacy Policy

This Privacy policy only concerns H&M customers and users of our online services. If you are applying for a position at H&M this policy is not applicable. The Privacy policy for applicants can be found on our career site.

H&M ensures that your privacy is protected when using our services. This Privacy Policy (“policy”) applies to information that is collected by H&M Hennes & Mauritz GBC AB. This policy applies only to information collected at hm.com, through any hm.com related mobile application, through a computerized device in U.S. stores, or any location where the policy is posted (collectively, the “Sites”). Any changes we have made to this Privacy policy can be found by visiting us online. When we do make changes, we will update the “Last Updated” date below. Where changes are viewed as more material, we may attempt to contact you or we will post a notice on this website that we have made changes to this policy.

The Swedish company - H & M Hennes & Mauritz GBC AB is responsible for your personal data under the Swedish Data Protection Act (1998:204) and EU Directive 95/46/EC and the applicable national data protection law. The US company H&M Hennes & Mauritz L.P is the personal data processor. Your personal data is stored and maintained in Sweden and processed within the H&M group in a few cases outside the EEA-area. By using the Sites, you consent to the transfer of your data overseas and across borders, and from your country or jurisdiction to other countries or jurisdictions around the world. The laws governing data in your home country may differ from those in the countries to which data is transferred. By accessing and using the Sites, you consent to the transfer of your data in this manner.

How do we use your data?

In providing your personal data you consent to H&M using the data collected in order to meet our commitments to you and to provide you with the service you expect. We need your personal data for the following purposes:

To create your personal account at hm.com (e.g. your name and email address)

To be able to analyse your personal data to provide you with relevant marketing offers and information (e.g. name, buying habits)

To be able to validate that your are of legal age for shopping online (e.g. date of birth)

We will only keep your data for as long as necessary to carry out our services to you or as long as we are required by law. After this your personal data will be deleted. We cannot remove your data when there is a legal storage requirement, such as book keeping rules or when there is a legal ground to keep the data, such as an on-going contractual relationship.

Non-personal data is used as described above and in other ways as permitted by applicable laws, including combining non-personal data with personal data.

What are your rights?

You have the right to request information about the personal data we hold on you. If your data is incorrect, incomplete or irrelevant you can ask to have the information corrected or removed. Annually, you also have the right to request written documentation, free of charge, on the personal information we have on you on our account files. To request this document please write in to H&M Customer Service. You can withdraw your consent to us using the data for marketing purposes at any time (i.e., sending catalogues, Newsletters or offers). You can contact us by telephone on 1-855-466-7467 or by e-mail at customerservice.us@hm.com.

Who has access to the data?

We do not sell your information to third parties. We do, however, share data with third parties when necessary to fulfill a transaction, complete a service, for administrative purposes, or when required by law. Any data that is forwarded to third parties is used to meet H&M’s commitments to you. H&M may also supply your personal data to organizations such as credit reference or debt collection agencies for the purposes of credit checks, identity checks, monitoring credit rating and debt collection. Additionally, we will share your data if such sharing is required by law or to protect against potential or suspected fraud. Also, if H&M Hennes & Mauritz AB undergoes a merger, corporate reorganization, or all or part of our assets are sold or acquired by another party, your personal data may be shared. If you do not want us to share your personal data in these manners, please do not provide it to us.

How do we protect your data?

No data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to us is done at your own risk. That said, once we receive your transmission, we have technical and organizational measures in place to help protect your data from loss, manipulation, unauthorised access, etc. We continually adapt our security measures in line with technological progress and developments. At H&M we protect your data using encryption using Secure Sockets Layer (SSL). SSL is a function that encrypts all information sent between buyer and seller, including card information, so that card details cannot be read by external parties.

For card purchases we work with an authorised payment agent that helps us to check directly with your bank that the card is valid for purchases. Our payment agent processes your card details in line with the PCI DSS requirements. When you pay by card we reserve the right to carry out an identity check.

Your Account Information

You can access your personal account to update your personal data. Please note, however, that your personal account information is protected by your user name and password. It is your responsibility to maintain the security of your username and password as any actions taken while logged into your account will be your responsibility.

Minors

We do not collect any personal data directly from individuals under the age of 13. If we discover that any such information is in our possession, we will delete it.

What data do we collect?

This policy applies only to information collected on the Sites. We collect two types of information from visitors to the Sites: (1) Personal data and (2) Non-personal data.

“Personal data” is information that identifies you personally, such as your name, address, telephone number, email address, and sometimes your Internet Protocol (IP) address. We may collect this information when you create a profile on our Sites, visit our Sites, or complete a purchase.

“Non-personal data” can be technical in nature. It does not identify you personally. Examples of non-personal data include the following:

Cookie -- A “cookie” is a small text file that is saved to and during subsequent visits, retrieved from, your computer or mobile device. H&M uses cookies to enhance and simplify your visit. We do not use cookies to disclose information to third parties. There are also third-party cookies on our Sites, which we use to collect statistics in aggregate form in analysis tools such as Google Analytics and Core metrics. Some of these cookies may track your behavior across multiple websites. There are two types of cookies persistent and temporary (session cookies). Persistent cookies are stored as a file on your computer or mobile device for a time period no longer than 24months. Session cookies are stored temporarily and disappear when you close your browser. We use persistent cookies to store your shipping country and shopping bag unless you log in. We use session cookies when to check whether you are logged in or not. You can easily erase cookies from your computer or mobile device using your browser. For instructions on how to handle and delete cookies please look under "Help" in your browser. You can choose to disable cookies, or to receive a notification each time a new cookie is sent to your computer or mobile device. However, please note that if you choose to disable cookies, you will not be able to take advantage of all features.

Web Beacons (also known as "clear gifs," "web bugs" or "pixel tags") -- "Web Beacons" are tiny graphics with a unique identifier, similar in function to cookies, and are used to allow us to count users who have visited certain pages of the Sites and to help determine the effectiveness of promotional or advertising campaigns. In contrast to cookies, which are stored on a user's computer hard drive, web beacons are embedded invisibly on web pages.

Demographic Information -- "Demographic Information" may be your gender, age, zip code, geolocation data and interests, which you voluntarily provide to us on and through the Sites. We use this information to provide you with personalized services and to analyze trends to ensure the information provided by the Sites meet your needs. Please note that we also consider aggregated information, which is not personally identifiable, to be non-personal data.

The above list provides an example of the non-personal data that is collected via the Sites

Online Tracking

Please note that our Sites do not support “Do Not Track” browser settings and do not currently participate in any “Do Not Track” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your personal or non-personally identifiable information.

Links

The Sites may include links to other websites which don't fall under our supervision. We cannot accept any responsibility for the protection of the privacy or the content of these websites, but we offer these links to make it easier for our visitors to find more information about specific subjects.

E-mail Opt-out

We communicate with users who subscribe to our services on a regular basis via email. For example, we may use your email address to confirm your request, to send you notice of payments, to send you information about changes to our products and services, and to send notices and other disclosures as required by law. Generally, users cannot opt-out of these communications, but they will be primarily informational in nature rather than promotional.

However, we provide you the opportunity to exercise an opt-out choice if you do not want to receive other types of communication from us, such as emails or updates from us regarding new services and products offered on the Sites. The opt-out choice may be exercised by ticking or un-ticking the appropriate box if such checkbox is available at the points where personal data is collected or by contacting us. We will process your unsubscribe as soon as possible, but please be aware that in some circumstances you may receive a few more messages until the unsubscribe is processed. You also may opt-out of receiving such emails by clicking on the "unsubscribe" link within the text of the email.

Text Messaging

By using the Sites and providing your mobile phone number, you hereby consent to receive autodialed and/or pre-recorded telemarketing calls and text messages from or on behalf of us at the mobile number that you provide at sign-up. You understand that consent to receiving messages on your mobile device is not a condition of purchase and understand that message and data rates may apply. Additionally, should you choose to stop receiving such messages, you can contact us directly at customerservice.us@hm.com or reply STOP to a text messages once it is received. However, you hereby consent to receiving a confirmatory message in response to your STOP request.

California Privacy Rights

California Civil Code Section 1798.83 permits our visitors who are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us at customerservice.us@hm.com.